Systems for metering information use are known. For example, see U.S. Pat. No. 4,827,508 to Shear, or U.S. Pat. No 5,010,571 to Katznelson in which access to an encrypted CD ROM database is metered. Briefly, a CD ROM containing an encrypted database of interest to a user is distributed typically at nominal cost or at no cost. A user terminal includes a host computer, a CD ROM reader, and a remote cryptographic control unit which is provided with stored cryptographic keys needed to access the database. The amount of actual data use, i.e. the retrieval and decryption of data from the CD ROM, is metered locally and recorded as a stored data usage record. The charge for data access may be either in accordance with the amount of data decrypted, or in accordance with price information recorded in the respective data headers of each individual data package.
The local stored data usage record is reported (uploaded) by telephone modem or other telecommunications link from a remote user terminal, such as a host personal computer containing the remote cryptographic control unit, to a cryptographic operations center. Each remote cryptographic control unit has a secret stored key, unique to that remote user terminal. Communication between the user terminal and the cryptographic operations center is protected by encryption using the secret key, which is stored in a secure memory in the cryptographic control unit. The secret key for each user is also stored in the cryptographic operations center. When a remote user terminal calls in and identifies itself, the cryptographic operations center looks up the corresponding user secret key, which is then used in a secure subsequent communication data exchange between the remote user terminal and the cryptographic operations center.
Also stored in the cryptographic operations center are the various cryptographic keys corresponding to the available CD ROM database titles. The user secret key is also used to secure the delivery of secret database keys from the cryptographic operations center to the user terminal for a desired CD ROM database, usually upon first encountering a new CD ROM title.
As indicated, the remote cryptographic control unit reports data usage by telephone modem. After the data usage report is successfully uploaded to the cryptographic operations center, the user is then billed, charged or debited for the actual database usage, based on the content of the uploaded data usage report. Thus, rather than being required to purchase an entire CD ROM database, the user pays only for the amount of data actually used or decrypted from the CD ROM.
Typically, the remote cryptographic control unit in the user terminal contains one or more credit registers. As each data purchase is made and recorded as a purchase log, a debit is made from the appropriate credit register. The credit register limits the amount of data which may be decrypted before requiring downloaded credit from the cryptographic operations center. The purpose of the credit register is to prevent unlimited access to the database without reporting the purchase logs and paying for data usage, and limited off line access to credit. If the available credit is exhausted, no further data decryption is allowed until new credit is downloaded to the user terminal. Past data usage is reported by the user terminal to the cryptographic operations center in a usage report consisting of multiple purchase logs (stored data usage records).
However, prior art systems have several operational problems solved by the data package record and system operation of the present invention.
In the prior art, a separate encryption code is typically used for each separate data package. In such manner, a separate charge may be made for each data package. While one header per data package is adequate when the data package is large relative to the encryption key, such system becomes inefficient when the data package is smaller. In such case, the encryption keys could use more memory than the data. For example, in a database such as a mailing list, the records are too small to justify a separate encryption key for each entry, yet it is desired to charge separately and encrypt separately, for each data record in the mailing list.
Also, in prior art systems, running out of credit terminates the data decryption session and forces the user to establish communication with the cryptographic operations center to download further credit. Thus, exhausting the credit registers in the middle of a data session will abort the session.
Further, in prior art systems, information publishers had no direct control over who purchased their data, since a purchase could be made locally off line merely by having sufficient credit available at the local user terminal.